List of Cybercrimes in Saudi Arabia: Types, Penalties, and Real Incidents

Saudi Arabia is the largest hub of information and communication technology in the Middle East and is continuously evolving. Saudi Arabia is undergoing vigorous development at both the infrastructural and technological levels. In this blog, we will explore how digitization has raised concerns for the country. We will discuss cyberattacks in Saudi Arabia and how to prevent them.

The most common cybercrimes in Saudi Arabia include phishing, ransomware attacks, unauthorized access, identity theft, online fraud, data breaches, and defamation on social media. Under the Anti-Cybercrime Law of 2007, these crimes carry fines ranging from SAR 500,000 to SAR 5,000,000, as well as prison sentences of up to 4 years.

In response to the rising threat, the National Cybersecurity Authority and the Saudi Arabian Education Ministry signed an agreement to conduct joint cybersecurity training programs.

Notable Cyber Attacks in Saudi Arabia

According to Arab News, Saudi Arabia was the target of 7 million cyberattacks in the first two months of 2021.

Saudi Aramco Paid $50 Million Ransom After Data Leak

Saudi Arabia’s oil giant Aramco paid a ransom after a data leak within its organization. The data leak led to an extortion attempt where hackers demanded a $50 million ransom. Saudi Aramco is the world’s most valuable oil producer. The organization told the Associated Press that it discovered a limited amount of data leakage. This data was most likely held by the company’s third-party contractors.

The same press reported earlier that threat actors had held onto 1 TB of Saudi Aramco’s data, which was available on the darknet. Later, Aramco decided to pay in cryptocurrency to retrieve the data.

5 million User Data Exposed from Caller ID App Dali

Dali is a popular caller ID app in Saudi Arabia that helps find and identify contact numbers. The app is also used for reporting suspicious contact numbers. The application uses a misconfigured MongoDB database, exposing the data of 5 million users. The total size of the exposed data was 585 GB. 

King Saud University Database Was Hacked

King Saud University is the first university in the country and is home to over 40,000 students. A hacker group named Yourikan compromised the university’s database and stole the personal data of over 800 people. This data included names, phone numbers, email addresses, and passwords. The hacker later dumped the data but asked students to change their passwords.

List of Cybercrimes in Saudi Arabia

Saudi Arabia sees a wide range of cybercrimes across both individuals and organizations. Here is a breakdown of the most common types:

• Phishing Attacks: Phishing is one of the most widespread cybercrimes in Saudi Arabia. Attackers send fake emails or messages that appear to be from banks, government agencies, or employers. The goal is to steal login credentials or financial data.
• Ransomware: Ransomware attacks encrypt a victim’s data and demand payment for its release. The Saudi Aramco case is the most high-profile example. Critical infrastructure, healthcare, and energy sectors are common targets.
• Unauthorized Access to Systems: Hackers break into computers, networks, or databases without permission. This includes corporate systems, government portals, and university databases, as seen in the King Saud University breach.
• Identity Theft and Online Financial Fraud: Cybercriminals steal personal information to commit fraud, access bank accounts, or make unauthorized transactions. E-commerce fraud and SIM-swap attacks fall under this category.
• Social Media Defamation and Harassment: Publishing false or damaging content about individuals on social media platforms is a criminal offense under Saudi law. This includes online harassment and cyberstalking.
• Data Breaches and Exposure of Personal Data: Misconfigured databases or weak security controls lead to large-scale data leaks. The Dali app incident, which exposed data of 5 million users, is a clear example.
• Hacking of Social Media Accounts: Illegally accessing someone’s social media or email account is a Group B cybercrime in Saudi Arabia and carries fines of up to SAR 3,000,000.
• Publishing Immoral or Illegal Content Online: Storing or distributing content that violates public morality, religious values, or promotes illegal substances is criminalized under Group C of the Anti-Cybercrime Law.
• Cyberstalking and Blackmail: Using digital means to stalk, threaten, or blackmail individuals is a punishable offense. Luring victims online with the intent to harm falls under

Cybercrime Categories and Penalties Under Saudi Law

Cybercrimes in Saudi Arabia are categorized into three groups under the Anti-Cybercrime Law of 2007.

Group A: Privacy Violations and Unauthorized Access

This includes cybercrimes such as gaining unauthorized access to the victim’s computers through luring or blackmail. It also includes crimes like defaming a person on social media and breaching the privacy of individuals by either taking pictures or recording their voices on cell phones. A convicted cybercriminal faces a maximum penalty of SAR 500,000.

Group B: Hacking and Social Media Account Theft

These cybercrimes include hacking or unauthorized access to anyone’s social media account. The convicted criminal is charged with a maximum of SAR 3,000,000. 

Group C: Immoral Content and Drug Promotion Online

This group of cybercrimes includes storing and publishing anything that is not consistent with morality, religion, public order, or that breaches someone’s privacy. It also includes crimes such as publishing pornography and promoting or facilitating narcotic or psychotropic substances. The penalty levied upon the cybercriminal can reach a maximum of SAR 3,000,000.

How to Report Cybercrime in Saudi Arabia?

Victims of cyberattacks can report the crime to the nearest police station. The station transfers the report to the Saudi Bureau of Investigation and Public Prosecution (BIPP) for further investigation. After the crime is confirmed, the charge sheet is filed, and the threat actor is produced in criminal court.

According to Business Wire, the cybersecurity market in Saudi Arabia in 2020 was valued at $3.6 billion, and is expected to grow at a CAGR of 17.98% to $9.8 billion by 2026.

How Organizations Can Prevent Cyber Attacks in Saudi Arabia?

Organizations in Saudi Arabia must adopt smart measures to mitigate threats that compromise their information and operational security. It means they need to take a holistic approach to cybersecurity. A holistic approach would include security awareness, multi-layer protection, incident response tools, and outbound email security, among many others.

According to a news article by Arab News, more than 22.5 million brute-force attacks occurred on Remote Desktop Protocol (RDP) systems in 2020.

Cybersecurity Awareness

Both traditional and modern methods can be used to foster cyber awareness among employees in an organization. Traditional methods include standard cybersecurity workshops and lectures on cybersecurity best practices. But how effective are they? If people don’t experience the sequence of events in a real-life cyberattack, how will they identify it? That’s

That’s why the modern approach involves selecting a cybersecurity awareness training solution to equip employees with comprehensive training in awareness and defense. It uses modern simulation and analysis methodologies to generate awareness and provide cybersecurity training.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication adds an extra layer of protection to accounts holding sensitive information. Therefore, even if the attacker gains access to the account credentials, MFA ensures the threat actor can’t access the account by cross-verifying the login details with the account’s legitimate owner.

Phishing Incident Response Tools

Phishing incident response tools help employees immensely by enabling quick detection and the elimination of cyber threats that manage to enter the organization’s environment via email. Phishing Incident Response Tools (TPIR) can be used to detect and remove phishing emails from the office environment after a recipient reports them.

Email Security

Email security is very important for both inbound and outbound email. It incorporates a significant part of the organization’s cybersecurity framework. However, the methods and tools used to secure both are different. Inbound email security can be ensured by using firewalls to block malicious traffic from entering the system’s environment. This may pose a threat to the system’s information and operations.

Outbound email security is a whole different ball game. Email Authentication and Anti-Spoofing tools help ensure outbound email security. TDMARC is one such tool that helps organizations maintain email legitimacy and improve email deliverability and engagement rates.

Prevention of Cyber Attacks Should Be the Long-Term Goal

Cybersecurity leaders and IT professionals need to ensure that security policies and solutions are implemented across the organization. The majority of cyberattacks succeed because of employees’ lack of awareness, not just weak technology.

That is where a people-first security approach matters. Threatcop helps organizations in Saudi Arabia and across the Middle East build that layer of human defense. Its security awareness training platform, TSAT, runs real phishing, ransomware, and smishing simulations so employees learn to spot attacks before they cause damage. It does not just train, it tracks who clicks, who reports, and who needs more work.

For emails specifically, TDMARC stops spoofed and fraudulent emails from reaching your team in the first place. And when a phishing email slips through, TPIR lets employees report it in one click and automatically removes it from the entire organization’s inbox.

Saudi Arabia’s threat landscape is not slowing down. Every CISO, CIO, and CEO in the region needs to treat cybersecurity as a business priority, not an IT checkbox. Investing in the right tools and training today is far cheaper than recovering from a breach tomorrow.

FAQs